Lucene search
+L

901 matches found

NVD
NVD
added 3 days ago5 views

CVE-2026-58659

PyTorch Lightning through 2.6.5, fixed in commit d710d68, contains a remote code execution vulnerability in the loadstate function that imports and executes attacker-controlled module names from checkpoint instantiator hyperparameters. Attackers can craft malicious checkpoint files that bypass...

8.4CVSS0.00235EPSS
Exploits0References4
OSV
OSV
added 3 days ago4 views

CVE-2026-58659 PyTorch Lightning Arbitrary Code Execution via _instantiator Hyperparameter

PyTorch Lightning through 2.6.5, fixed in commit d710d68, contains a remote code execution vulnerability in the loadstate function that imports and executes attacker-controlled module names from checkpoint instantiator hyperparameters. Attackers can craft malicious checkpoint files that bypass...

8.4CVSS6.6AI score0.00235EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 3 days ago6 views

CVE-2026-58659

PyTorch Lightning through 2.6.5, fixed in commit d710d68, contains a remote code execution vulnerability in the loadstate function that imports and executes attacker-controlled module names from checkpoint instantiator hyperparameters. Attackers can craft malicious checkpoint files that bypass...

8.4CVSS6.6AI score0.00235EPSS
Exploits0References5
CVE
CVE
added 3 days ago8 views

CVE-2026-58659

Summary: CVE-2026-58659 affects PyTorch Lightning up to version 2.6.5. The vulnerability lies in the _load_state function, which can import and execute attacker-controlled module names from the checkpoint _instantiator hyperparameters, enabling remote code execution when LightningModule.load_from...

8.4CVSS6.6AI score0.00235EPSS
Exploits0References4
Cvelist
Cvelist
added 3 days ago33 views

CVE-2026-58659 PyTorch Lightning Arbitrary Code Execution via _instantiator Hyperparameter

PyTorch Lightning through 2.6.5, fixed in commit d710d68, contains a remote code execution vulnerability in the loadstate function that imports and executes attacker-controlled module names from checkpoint instantiator hyperparameters. Attackers can craft malicious checkpoint files that bypass...

8.4CVSS0.00235EPSS
Exploits0References4
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-44751

PyTorch Lightning through 2.6.5, fixed in commit d710d68, contains a remote code execution vulnerability in the loadstate function that imports and executes attacker-controlled module names from checkpoint instantiator hyperparameters. Attackers can craft malicious checkpoint files that bypass...

8.4CVSS6.6AI score0.00235EPSS
Exploits0References4
NVD
NVD
added 5 days ago6 views

CVE-2026-15531

A vulnerability has been found in yashbhalgat HashNeRF-pytorch up to 82885e698295982504eb6a26d060a6b2473e3706. Affected by this issue is the function torch.load of the file runnerf.py of the component Checkpoint File Handler. The manipulation of the argument ckptpath leads to deserialization. The...

5.3CVSS0.00121EPSS
Exploits0References7
CVE
CVE
added 5 days ago10 views

CVE-2026-15531

The CVE-2026-15531 entry affects yashbhalgat HashNeRF-pytorch (up to commit 82885e698295982504eb6a26d060a6b2473e3706). The vulnerable component is the Checkpoint File Handler’s run_nerf.py, specifically the function torch.load, where deserialization can be triggered by manipulating the ckpt_path ...

5.3CVSS5.6AI score0.00121EPSS
Exploits0References7
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-15531 yashbhalgat HashNeRF-pytorch Checkpoint File run_nerf.py torch.load deserialization

A vulnerability has been found in yashbhalgat HashNeRF-pytorch up to 82885e698295982504eb6a26d060a6b2473e3706. Affected by this issue is the function torch.load of the file runnerf.py of the component Checkpoint File Handler. The manipulation of the argument ckptpath leads to deserialization. The...

5.3CVSS0.00121EPSS
Exploits0References7
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-43277

A vulnerability has been found in yashbhalgat HashNeRF-pytorch up to 82885e698295982504eb6a26d060a6b2473e3706. Affected by this issue is the function torch.load of the file runnerf.py of the component Checkpoint File Handler. The manipulation of the argument ckptpath leads to deserialization. The...

5.3CVSS5.6AI score0.00121EPSS
Exploits0References7
OSV
OSV
added 2026/07/09 12:52 p.m.3 views

OESA-2026-2929 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: ipc: limit nextid allocation to the valid ID range The checkpoint/restore sysctl path can request the next SysV IPC id through ids-nextid. ipcidralloc currently...

9.8CVSS6.1AI score0.00742EPSS
Exploits0References5
OSV
OSV
added 2026/07/07 4:3 p.m.6 views

PYSEC-2026-1856 PyTorch Vulnerable to Remote Code Execution via Untrusted Checkpoint Files

Summary A vulnerability in PyTorch's weightsonly unpickler allows an attacker to craft a malicious checkpoint file .pth that, when loaded with torch.load..., weightsonly=True, can corrupt memory and potentially lead to arbitrary code execution. Vulnerability Details The weightsonly=True unpickler...

8.8CVSS7.4AI score0.00695EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2026/07/02 11:34 p.m.4 views

github.com/containerd/containerd: containerd: Arbitrary code execution via CRI checkpoint image tag poisoning

A flaw was found in containerd, an open-source container runtime. The CRI Container Runtime Interface checkpoint import process fails to validate image references within a checkpoint image's configuration. An attacker with permissions to create pods can exploit this by using a specially crafted...

9.9CVSS6.4AI score0.00354EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/07/02 9:30 p.m.9 views

CVE-2026-53489

A flaw was found in containerd, an open-source container runtime. The Container Runtime Interface CRI plugin incorrectly restores container logs from a checkpoint image. This vulnerability, categorized as a Path Traversal CWE-61, allows an attacker to read arbitrary files on the host system by...

8.2CVSS5.9AI score0.00208EPSS
Exploits0References4
OSV
OSV
added 2026/07/02 7:43 p.m.5 views

GHSA-4M69-67M6-PRQP Zebra has block suppression via NU5 same-header body poisoning of sent-hash cache

Description Am I affected You are affected if: 1. You run any version of zebrad up to and including v4.4.1. 2. Your node accepts inbound P2P connections network.listenaddr is set, which is the default. 3. Your node processes blocks past the checkpoint height non-finalized state is active. All...

8.7CVSS5.8AI score
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/07/02 3:37 p.m.11 views

CVE-2026-53492

A flaw was found in containerd, an open-source container runtime. The Container Runtime Interface CRI implementation, which allows Kubernetes to interact with container runtimes, improperly trusts Container Device Interface CDI annotations found within untrusted checkpoint image metadata during...

9.6CVSS5.9AI score0.00412EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/07/02 1:50 p.m.6 views

CVE-2026-50195

A flaw was found in containerd, an open-source container runtime. The CRI Container Runtime Interface checkpoint import process fails to validate image references within a checkpoint image's configuration. An attacker with permissions to create pods can exploit this by using a specially crafted...

9.9CVSS6.4AI score0.00354EPSS
Exploits0References4
NVD
NVD
added 2026/07/01 7:16 p.m.11 views

CVE-2026-53489

containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a bug where the CRI plugin restores container.log from a checkpoint image without validating a symlinked path. This could result in reading an arbitrary file on the host via kubectl logs. This issue h...

8.2CVSS0.00208EPSS
Exploits0References1
NVD
NVD
added 2026/07/01 7:16 p.m.8 views

CVE-2026-53492

containerd is an open-source container runtime. In Versions prior to 2.3.2, 2.2.5 and 2.1.9, the CRI implementation improperly trusts Container Device Interface CDI annotations found within untrusted checkpoint image metadata during container restoration. When restoring a container from a...

9.6CVSS0.00412EPSS
Exploits0References1
NVD
NVD
added 2026/07/01 7:16 p.m.8 views

CVE-2026-50195

containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a vulnerability in the CRI checkpoint import process where it fails to validate the image references specified within a checkpoint image's configuration. An attacker with permissions to create pods ca...

9.9CVSS0.00354EPSS
Exploits0References1
Rows per page
Query Builder